0

I have read most of the questions about it but nothing seems to work for me. I must be doing something wrong so here is what I have done. I have made two server blocks in DigitalOcean hosting using Ubuntu and Nginx. I have uploaded all the website files to var/www/website-folder.

Now when I try to access the website then only one link works and redirects don't work. The website is yoalfaaz[dot]com

I am using SSL from Namecheap and it worked perfectly when I used Hostgator hosting so one thing is sure that I am somewhere wrong in the setup. Below is the file in which I made changes /etc/nginx/sites-enabled.

server {
        listen 80 ;
        listen [::]:80 ;

        return 301 https://www.example.com$request_uri;

        # Add index.php to the list if you are using PHP
        index index.php index.html index.htm index.nginx-debian.html;

        server_name www.example.com example.com;

        location / {
                # First attempt to serve request as file, then
                # as directory, then fall back to displaying a 404.
                try_files $uri $uri/ =404;
        }
        location ~ \.php$ {
                include snippets/fastcgi-php.conf;
                fastcgi_pass unix:/run/php/php7.0-fpm.sock;
        }

        location ~ /\.ht {
                deny all;
        }
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/html;
    server_name www.example.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /home/name/example.com.chained.crt;
    ssl_certificate_key /home/name/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8;

}

UPDATED: There was an issue with DNS lookup, I have fixed that and now 301 redirects are working fine (checked through curl -I). But still, the website isn't loading.

As nothing was working, I tried to remove the redirects and load the website without SSL, and surprisingly it loaded just fine. Now I am thinking that the issue might be due to SSL, as every other problem has been fixed (as pointed out by the community members).

Gurjyot Singh
  • 1
    @JacobEvans I have seen that question before but I am unable to figure out the mistake I am making. So can you please tell me what I am messing up? – Gurjyot Singh Feb 03 '18 at 01:01

3 Answers

1

Easiest would be to define a server_name block for the root domain and return 301 https://www.example.com$request_uri;

server {
    listen 80 ;
    listen [::]:80 ;
    server_name  example.com;
    return 301 https://www.example.com$request_uri;
}

Jacob Evans
  • Thank you for your time. I have made some changes in the file and, as per your answer, I have made a 301 redirect in port 80 to ```https://www.example.com$request_url;``` Although it's still not quite working. Is there something else that I am missing? – Gurjyot Singh Feb 03 '18 at 11:26
  • Moreover, now the only link which was working is being redirected to ```https://www.example.com/cgi-sys/suspendedpage.cgi``` – Gurjyot Singh Feb 03 '18 at 11:33
  • I tried what you said. Although the website is still not loading, when I use ```curl -I www.yoalfaaz.com``` it shows a 301 redirect. On the other hand, when I try ```curl -i yoalfaaz.com``` it says "Could not resolve host". – Gurjyot Singh Feb 03 '18 at 13:03
  • Looks like a DNS issue – Jacob Evans Feb 03 '18 at 13:24
  • So what would you suggest that I should do to fix this? And thanks a lot for your time. – Gurjyot Singh Feb 03 '18 at 13:27
  • Add the IP to DNS... – Jacob Evans Feb 03 '18 at 13:34
  • You were right, there was a DNS issue and I have fixed that now. Now all the redirects work fine as I can check with curl -I, although the website is still not loading. Thanks once again for giving this issue so much time :) – Gurjyot Singh Feb 05 '18 at 20:32
1

Try replicating your 443 section for the non-www https version, and use a 301 to redirect to the https://www version.

server {
    listen 80 ;
    listen [::]:80 ;
    server_name www.example.com example.com;
    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/html;
    server_name example.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /home/name/example.com.chained.crt;
    ssl_certificate_key /home/name/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8;

    return 301 https://www.example.com$request_uri;
}

server {
    listen 443 ssl http2;
    listen [::]:443 ssl http2;
    root /var/www/example.com/html;
    server_name www.example.com;

    # certs sent to the client in SERVER HELLO are concatenated in ssl_certificate
    ssl_certificate /home/name/example.com.chained.crt;
    ssl_certificate_key /home/name/example.com.key;
    ssl_session_timeout 1d;
    ssl_session_cache shared:SSL:50m;
    ssl_session_tickets off;

    # Diffie-Hellman parameter for DHE ciphersuites, recommended 2048 bits
    #ssl_dhparam /path/to/dhparam.pem;

    # intermediate configuration. tweak to your needs.
    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
    ssl_ciphers 'ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDH$
    ssl_prefer_server_ciphers on;

    # HSTS (ngx_http_headers_module is required) (15768000 seconds = 6 months)
    add_header Strict-Transport-Security max-age=15768000;
    # OCSP Stapling ---
    # fetch OCSP records from URL in ssl_certificate and cache them
    ssl_stapling on;
    ssl_stapling_verify on;

    resolver 8.8.8.8;
}

As a side note, browsers will cache 301s for a long time. Ensure you've cleared the 301 cache when testing; Chrome/FF developer tools have this feature. Use curl -I to test.

Jacob Evans
jblz
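
A small config lint for the layout discussed in the answer above, added here as an example and not part of the original answers. It reports hostnames that a port 80 block names but no 443 block does (HTTPS requests for those fall to the default server for that port), and `location` blocks that can never run because a server-level `return` answers first. The parser is a simplified assumption (no `include` expansion, no braces inside quoted strings) and `SAMPLE` is constructed.

```python
import re

# Constructed sample mirroring the question's layout (not the poster's real file).
SAMPLE = """
server {
    listen 80;
    listen [::]:80;
    return 301 https://www.example.com$request_uri;
    server_name www.example.com example.com;
    location / { try_files $uri $uri/ =404; }
}
server {
    listen 443 ssl http2;
    server_name www.example.com;   # no block names example.com on 443
}
"""

def server_blocks(conf):
    """Yield each server { ... } body, found by brace matching."""
    conf = re.sub(r"#[^\n]*", "", conf)           # strip comments
    for m in re.finditer(r"\bserver\s*\{", conf):
        depth, i = 1, m.end()
        while depth and i < len(conf):
            depth += {"{": 1, "}": -1}.get(conf[i], 0)
            i += 1
        yield conf[m.end():i - 1]

def parse(body):
    """Return (ports, names, has_return, has_location) for one server block."""
    has_location = bool(re.search(r"\blocation\b[^;{}]*\{", body))
    top, prev = body, None
    while top != prev:                             # drop nested { } blocks
        prev, top = top, re.sub(r"[^;{}]*\{[^{}]*\}", ";", top)
    d = [s.split() for s in top.split(";") if s.strip()]
    ports = {int(m[1]) for a in d if a[0] == "listen" and (m := re.search(r"(\d+)$", a[1]))}
    names = {n for a in d if a[0] == "server_name" for n in a[1:]}
    return ports, names, any(a[0] == "return" for a in d), has_location

def audit(conf):
    """List hosts missing from 443 and locations shadowed by a server-level return."""
    findings, by_port = [], {}
    for ports, names, has_return, has_location in map(parse, server_blocks(conf)):
        for p in ports:
            by_port.setdefault(p, set()).update(names)
        if has_return and has_location:
            findings.append(f"dead location blocks after return: {sorted(names)}")
    for host in sorted(by_port.get(80, set()) - by_port.get(443, set())):
        findings.append(f"no 443 server_name for {host}")
    return findings
```

Run `audit()` on the text of the site file before reloading nginx; an empty list means every name served on port 80 also has an explicit 443 block.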
0

Sounds like a DNS issue. domain.com should be an A record with the IP of the server, while www should be a CNAME to domain.com

You also mentioned this worked on Host Gator. When did you update DNS? It takes 48-72 hours for DNS to fully propagate.

  • Thank you for your time and you are correct, there was an issue with DNS so I fixed it now. Now there is an A record and www with CNAME as well. I have also checked all redirects with curl -I, those are working fine as well. Now the only issue that remains is that the website doesn't load. – Gurjyot Singh Feb 05 '18 at 20:25